Lockscreen bug is fixed in latest Android build, but availability is spotty.

Share this story

Software bugs that allow attackers to bypass smartphone lockscreens are common enough for both Android and iOS devices, but like a fender bender on the highway, many of us can't resist the urge to gawk anyway. There's a newly disclosed way for someone who has a few uninterrupted moments with a handset running most versions of Android 5.x to gain complete control of the device and all the data stored on it.

The hack involves dumping an extremely long string into the password field after swiping open the camera from a locked phone. Unless updated in the past few days, devices running 5.0 to 5.1.1 will choke on the unwieldy number of characters and unlock, even though the password is incorrect. From there, the attacker can do anything with the phone the rightful owner can do.

The following video demonstrates the attack in action. The technique begins by adding a large number of characters to the emergency call window and then copying them to the Android clipboard. (Presumably, there are other ways besides the emergency number screen to buffer a sufficiently large number of characters.) The hacker then swipes open the camera from the locked phone, accesses the options menu, and pastes the characters into the resulting password prompt. Instead of returning an error message, vulnerable handsets unlock.

Fortunately, the vulnerability was introduced in version 5, so the number of affected handsets is only a small fraction of the overall Android user base. Vulnerable users who can't get an update or don't want to wait for one to become available can switch to a PIN or pattern-based lockscreen, neither of which is susceptible to the hack. And while we're on this topic of Android lock patterns, readers may be interested in recently presented research showing that many of them are surprisingly predictable.

Promoted Comments

I should be more outraged about this, but honestly I'm more like "if you get your hands on my phone, I already lost the battle" so it just doesn't bug me much. =)

Is this really how you feel? Despite having everything duplicated/backed up in the cloud, I can't help but think this is very naive. After losing an iPhone for an afternoon, it was very valuable to be able to lock it down and know it wasn't going to be breached or that I could remotely erase it if the people who found it changed their minds about returning it (we tracked it to Richmond, and approached the people who found it with a police escort).

In the end, yes, it's just an price tag with a value of a few hundred dollars. The ability to hold so much valuable data makes it much more valuable to be able to lock it securely and wipe it completely if needed.